Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.
5. @adam_englander
What To Expect
• Gain a working understanding of common
terms used in cryptography.
• Understand the key drivers for choosing
cryptography methodologies, algorithms and
strengths.
• Know which PHP modules to use.
6. @adam_englander
What Not to Expect
• Deep dive into algorithms
• A lot of comparison between algorithms and
implementations
• Become a cryptography expert
13. @adam_englander
Achieving Maximum Entropy
• Use Cryptographically Secure Pseudo-Random Number
Generators (CSPRNG).
• Salts add global randomness to hashing.
• Feedback loops add local randomness to block ciphers.
• Initialization Vectors add global randomness to block
ciphers.
• Some ciphers introduce randomness with padding.
14. @adam_englander
Local vs Global Entropy
Local entropy is entropy with a singular piece of data within a larger system.
Global entropy is entropy of the same or similar data across the entirety of a larger system.
15. @adam_englander
How Random Is Random?
• It turns out it can be quite random as long as you use the correct tools.
• Since PHP 7, the CSPRNG extension provides platform-independent, cryptographically secure pseudo-random data.
• Until you move to PHP 7, the paragonie/random_compat package will give you the same functionality.
30. @adam_englander
Asymmetric Key Cryptography
• RSA and DSA are available in PHP. Use RSA.
• Uses very large prime integers
• Very computationally expensive
• Uses key pairs to protect the secret
31. @adam_englander
Super Duper Secret
• The private key can encrypt, decrypt, sign, and verify signatures
• The public key does not have enough data to decrypt or sign. It can only encrypt and verify signatures
32. @adam_englander
Key Size and Hash Algorithm
• Current minimum recommended key size is 2048
• SHA1 is considered safe but SHA-256 is better
33. @adam_englander
Data Limitations
• RSA can only encrypt or sign data up to the length of the key size
• Signatures use hashing
• RSA is often mixed with symmetric key cryptography
34. @adam_englander
Padding
• Padding is how RSA creates additional
entropy
• Use Optimal Asymmetric Encryption Padding
(OAEP)
• Do not use PKCS1-V1_5 as it is no longer
considered cryptographically secure
35. @adam_englander
Symmetric Encryption
• Uses small shared key
• Has modes for
encrypting data larger
than the key
• Fast encryption
• Uses initialization vector
and key for entropy
39. @adam_englander
Cipher Block Chaining (CBC)
• Entire message is required for decryption
• Full cipher text block is used as the seed for
the next block
41. @adam_englander
Galois Counter Mode (GCM)
• Counter-based cipher stream
• Entire message is required for decryption
• Encrypts the plain text and simultaneously generates an authentication code, similar to an HMAC, that is returned with the IV in the cipher text
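The GCM behaviour described on this slide, as an added example that is not from the original slides: AES-256-GCM through PHP's OpenSSL extension (PHP 7.1 or later), with the IV and authentication tag carried alongside the ciphertext. The function names, the IV || tag || ciphertext layout and the sample payload are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Returns IV || tag || ciphertext as one binary string (layout chosen for this example).
function gcmEncrypt(string $plaintext, string $key, string $aad = ''): string
{
    $iv = random_bytes(12); // 96-bit IV from the CSPRNG; must never repeat under one key
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;
}

function gcmDecrypt(string $message, string $key, string $aad = ''): string
{
    if (strlen($message) < 28) { // 12-byte IV + 16-byte tag
        throw new RuntimeException('message too short');
    }
    $iv  = substr($message, 0, 12);
    $tag = substr($message, 12, 16);
    $ct  = (string) substr($message, 28);
    // openssl_decrypt() returns false when the tag does not match the data.
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key = random_bytes(32); // 256-bit key
$message = gcmEncrypt('constructed sample payload', $key, 'record-17');
echo gcmDecrypt($message, $key, 'record-17'), PHP_EOL;

// Flip one bit of the ciphertext: the tag check fails and nothing is decrypted.
$tampered = $message;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
try {
    gcmDecrypt($tampered, $key, 'record-17');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```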
46. @adam_englander
Digital Signature
• Used to verify integrity of data
• Used mostly for data transfer
• Can be used for verifying data at rest
• Cannot be reversed but can be reproduced for verification
50. @adam_englander
Which KDF Should I Use?
• argon2i is the new hotness
• scrypt is preferred
• bcrypt is acceptable
• PBKDF2 can be used in a pinch
51. @adam_englander
How Can I Use KDFs?
• PHP has the best package for managing that
PERIOD! Use the password extension. Just
use it!
• For *cough* pre-5.5.0, you can use ircmaxell/password-compat
• Provides tools for hash upgrades. AWESOME!
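The hash-upgrade tooling mentioned above, as an added example that is not from the original slides: a login check that verifies with the password extension and re-hashes when the stored hash no longer matches policy. The `login()` helper, the in-memory `$store` array and the cost values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const HASH_ALGO    = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12]; // current policy (assumed value)

// Returns true on success and upgrades the stored hash when policy has changed.
function login(array &$store, string $user, string $password): bool
{
    $hash = $store[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // The plaintext password is only available at login, so upgrade here.
    // The same call also reports a change of algorithm, not just of cost.
    if (password_needs_rehash($hash, HASH_ALGO, HASH_OPTIONS)) {
        $store[$user] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: a hash created under an older, cheaper policy.
$store = ['alice' => password_hash('correct horse battery', PASSWORD_BCRYPT, ['cost' => 8])];

var_dump(login($store, 'alice', 'wrong guess'));
var_dump(password_get_info($store['alice'])['options']); // stored hash before a successful login

var_dump(login($store, 'alice', 'correct horse battery'));
var_dump(password_get_info($store['alice'])['options']); // stored hash after the upgrade
```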
56. @adam_englander
Hi Bob, I’m Alice. Can you hear me?
Bob Alice
Client starts TCP session by sending a SYNchronize packet to the server
57. @adam_englander
Bob Alice
Yes Alice, I can hear you. Can you hear me?
Server responds by sending SYNchronize-ACKnowledgement packet to the client
58. @adam_englander
Yes Bob, I can hear you.
Bob Alice
Client completes the TCP session initialization by sending an ACKnowledge packet to the server
59. @adam_englander
This is conversation 12345. I know German and Spanish.
Bob Alice
Client informs the server the session requires TLS and sends the TLS version number, cipher settings, public key, and session-specific data.
61. @adam_englander
Bob Alice
The signature on his ID matches. He’s Bob.
Client verifies the server’s certificate by verifying the signature against the known certificate authority.
62. @adam_englander
Ich denke an eine Farbe, die Sie mit gelb zu machen.
Bob Alice
Client and server begin a conversation that is now encrypted using asymmetric encryption.
64. @adam_englander
I have a color that makes orange with yellow.
Bob Alice
Session symmetric key negotiation begins with the client generating a secret random value and sending a shared value and a value derived from the two.
Alice’s secret is red, the shared value is yellow, and the derived value is orange.
65. @adam_englander
Bob Alice
I have a color that makes green with yellow.
The server generates its own secret random value and sends a value derived from it and the shared value.
Bob’s secret is blue, the shared value is yellow, and the derived value is green.
66. @adam_englander
Bob Alice
Our shared color is purple.
Both determine a new shared value based on combining the two secret values.
Alice’s secret is red. Bob’s secret is blue. Their combined secrets are purple.
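The colour-mixing exchange from the last three slides, worked through as a Diffie-Hellman key agreement; this is an added example, not from the original slides. The prime and generator are toy-sized assumptions chosen so plain PHP integers suffice (real groups use 2048 bits or more), and the variable names follow the slide colours. Note that neither secret ever crosses the wire: each side combines its own secret with the other side's derived value.

```php
<?php
declare(strict_types=1);

// Square-and-multiply modular exponentiation.
// Safe for moduli below 2^31 on 64-bit PHP (products stay under 2^62).
function modpow(int $base, int $exp, int $mod): int
{
    $result = 1;
    $base %= $mod;
    while ($exp > 0) {
        if ($exp & 1) {
            $result = ($result * $base) % $mod;
        }
        $base = ($base * $base) % $mod;
        $exp >>= 1;
    }
    return $result;
}

// "Yellow": the shared public values. Toy-sized for illustration only.
$p = 2147483647; // the prime 2^31 - 1
$g = 7;          // a generator modulo $p

// Secrets come from the CSPRNG and never leave their owner.
$red  = random_int(2, $p - 2); // Alice's secret
$blue = random_int(2, $p - 2); // Bob's secret

// Derived values, sent in the clear.
$orange = modpow($g, $red, $p);  // Alice -> Bob
$green  = modpow($g, $blue, $p); // Bob -> Alice

// Each side mixes its own secret with the colour it received.
$purpleAlice = modpow($green, $red, $p);
$purpleBob   = modpow($orange, $blue, $p);

var_dump($purpleAlice === $purpleBob); // both sides hold the same shared value

// The shared value is hashed into a fixed-length symmetric session key.
$sessionKey = hash('sha256', (string) $purpleAlice, true);
echo strlen($sessionKey), ' byte session key', PHP_EOL;
```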
71. @adam_englander
Disclaimers
• Although every app is different, commonalities
exist across most applications
• I am only recommending what I know and have
vetted directly or indirectly via my work
experience
• If you think you are different, ask yourself if the
advantages outweigh the risks
72. @adam_englander
Types
• Use RSA asymmetric key cryptography when
transferring data
• Mix with AES and random keys/IVs per transfer
• Use CSPRNG extension/package for keys, salts
and initialization vectors
• Use password extension/package for passwords
73. @adam_englander
Strength
• Use the strongest cryptography you can afford
• AES: aes-256-cbc / sha256 minimum
• RSA: 2048+ PKCS1_OAEP / RSA-SHA256
• Hash until it hurts!
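The recommendations on the Types and Strength slides combined into one transfer, as an added example that is not from the original slides: a random AES-256-CBC key and IV per message, HMAC-SHA256 over the ciphertext, and RSA-2048 with OAEP wrapping only the key material. The function names, the array layout and the encrypt-then-MAC construction are assumptions; the key pair is generated inline so the example is self-contained, and signing the message is left out to keep it short.

```php
<?php
declare(strict_types=1);

// Recipient key pair; in practice the sender only ever holds the public half.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

function sealMessage(string $data, string $publicPem): array
{
    $encKey = random_bytes(32); // fresh AES-256 key for this transfer only
    $macKey = random_bytes(32); // separate key for the HMAC
    $iv     = random_bytes(16); // fresh IV for this transfer only
    $ct = openssl_encrypt($data, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true); // encrypt-then-MAC
    // RSA wraps just 64 bytes of key material, well within what a 2048-bit key can encrypt.
    if (!openssl_public_encrypt($encKey . $macKey, $wrapped, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key wrap failed');
    }
    return ['key' => $wrapped, 'iv' => $iv, 'ct' => $ct, 'mac' => $mac];
}

function openMessage(array $m, string $privatePem): string
{
    if (!openssl_private_decrypt($m['key'], $keys, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key unwrap failed');
    }
    $encKey = substr($keys, 0, 32);
    $macKey = substr($keys, 32, 32);
    // Check integrity in constant time before touching the ciphertext.
    $expected = hash_hmac('sha256', $m['iv'] . $m['ct'], $macKey, true);
    if (!hash_equals($expected, $m['mac'])) {
        throw new RuntimeException('MAC mismatch');
    }
    $pt = openssl_decrypt($m['ct'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $m['iv']);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed payload, far larger than a single RSA operation could carry.
$payload = str_repeat('constructed sample record; ', 40);
$message = sealMessage($payload, $publicPem);
var_dump(openMessage($message, $privatePem) === $payload);
```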
74. @adam_englander
Packages/Libraries
• Use OpenSSL for encryption and digital signatures
• For extreme compatibility, use phpseclib/phpseclib
• Use CSPRNG extension/package for keys, salts
and initialization vectors
• Use password extension/package for passwords
79. @adam_englander
libsodium
• AES-GCM or ChaCha20-Poly1305 for symmetric
encryption including auth tag
• XSalsa20-Poly1305 for asymmetric encryption
• Ed25519 for asymmetric digital signatures
• Blake2b for hashing
• Argon2 and Scrypt KDFs for password hashing